It looks like very recent GnuTLS releases (>= 3.3.6) may have finally added the API needed to make this possible:
https://www.happyassassin.net/2015/01/12/a-note-about-ssltls-trusted- certificate-stores-and-platforms/ http://gnutls.org/manual/html_node/X509-certificate-API.html#index- gnutls_005fx509_005ftrust_005flist_005fadd_005ftrust_005fdir No idea whether or not it's as simple as it looks, but I'll have a go at it some time. ** Changed in: gnutls26 (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/242313 Title: TLS_CACERTDIR not supported in gnutls To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/242313/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs